24 posts tagged with "Composer"

We've been using a private Composer repository since the early days of Composer, starting with Satis, then migrating to Satisfy, and finally to Repman for better organization support.

Sometimes, you need to patch your project files until a bugfix is shipped to the upstream repository. cweagans/composer-patches is a Composer package that automates applying patches during the Composer install procedure.

Last weekend at the Mage Titans Conference in Manchester, the sansec folks announced their new Composer Integrity Plugin project.

Composer 2.4 introduced a new command to check the dependencies in your projects for known vulnerabilities.

Old PHP projects often still use Composer 1 and require an old PHP version to run. To make life easier for the other developers, I have created some efficient and small development setups based on Docker.

Sometimes folders like node_modules consume too much space and then a small cleanup may be needed.

A few weeks ago, whilst applying the latest security patches for Magento, I ran into a problem in our build pipeline. The patches could be applied locally without any issues, but in our build pipeline applying the patches failed.

A few days ago Jordi announced the first dev build of Composer 2.0. I immediately went and downloaded it. Since version 2.x should be a lot faster, I thought it is a good idea to test it against a current Magento 2 project I am working on. I was a bit disappointed first because Composer failed with quite a few errors like that:

Sometimes you run into this situation when a git pull will respond with Merge conflict in config.php. How to solve this issue in a proper way? Let's have a look how other people solve similar issues, namely my friend Mr. Rafael Dohms. Quite a while ago he blogged about a similar problem on how to solve conflicts in Composer's lock file. This is what I learned from his blog post:

This blog post has been sitting on my desk for quite a while but due to a lot of work in the last weeks I was not able to finish it earlier. Luckily, I found some time during my travels to finish the blog post and share my findings on the "require-dev gone wrong!" problem. While some people thought the former blog post was mostly click bait or proposed a "fix" which does not actually solve the general problem, I actually got a lot of good feedback on twitter. Even an issue for Composer was created to discuss the problem even though it was closed by now.